Scenario:
You have created a new ASPX page and are trying to run it under the SharePoint context.
If the page posts back, you get the following error: “The security validation for this page is invalid.”
Reason: SharePoint uses a form validation digest to stop attacks.
Where did the SharePoint team place the “FormDigest” control?
By default, default.master [v4.master in SharePoint 2010] has a “FormDigest” control. Its purpose is to protect pages from cross-site scripting attacks. Refer here for more details.
The reason is that we can’t manipulate SharePoint data directly because of the security validation in SharePoint.
But in some situations we have to manipulate SharePoint data even when the data is not safe. So how can we do that, and how can we avoid the above exception? Don’t worry, because SharePoint has already thought about it. The solution is “AllowUnsafeUpdates”.
As per the MSDN article, “AllowUnsafeUpdates is set to true when you are trying to update the database as a result of the GET request”. You can manipulate SharePoint data by setting “AllowUnsafeUpdates = true”.
Simply add the following to the master page: “<SharePoint:FormDigest runat="server" />”
Inserting this control on an ASPX page generates a security validation, or message digest, to help prevent an attack wherein a user is tricked into posting data to the server. The security validation is specific to a user, site, and time period and expires after a configurable amount of time. When the user requests a page, the server returns the page with security validation inserted. When the user then submits the form, the server verifies that the security validation has not changed. For more information about this control, see the FormDigest class on MSDN.
That’s the reason we should set AllowUnsafeUpdates back to false once all the changes are done.
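One way to apply both points above in a page's code-behind, as an added example that is not from the original post: a postback is checked with SPUtility.ValidateFormDigest() before writing, and the AllowUnsafeUpdates path restores the flag in a finally block. The class name AddNotePage, the helper method names and the "Notes" list are assumptions made for illustration.

```csharp
using System;
using System.Web.UI;
using Microsoft.SharePoint;
using Microsoft.SharePoint.Utilities;

// Hypothetical code-behind for a custom ASPX page running in SharePoint context.
public partial class AddNotePage : Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        if (!IsPostBack) return; // plain GET: render only, change nothing

        // POST path: the page (or its master page) carries a FormDigest control,
        // so the posted digest is checked before any write happens.
        if (!SPUtility.ValidateFormDigest())
        {
            throw new SPException("The security validation for this page is invalid.");
        }

        AddNote(SPContext.Current.Web, "Created from postback");
    }

    // For the case where no digest can be validated (for example an update that
    // must run as a result of a GET request). The previous value is restored in
    // finally, so the flag never stays true after the write or after an error.
    public static void AddNoteUnsafe(SPWeb web, string title)
    {
        bool previous = web.AllowUnsafeUpdates;
        try
        {
            web.AllowUnsafeUpdates = true;
            AddNote(web, title);
        }
        finally
        {
            web.AllowUnsafeUpdates = previous;
        }
    }

    private static void AddNote(SPWeb web, string title)
    {
        SPList list = web.Lists["Notes"]; // assumed list name
        SPListItem item = list.Items.Add();
        item["Title"] = title;
        item.Update();
    }
}
```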
As per the client object model: while using the ECMAScript Client OM, if your code modifies SharePoint content, you need to add a “FormDigest” control inside your page.